Introduction

If you have questions or complaints regarding our privacy policy or practices, please contact us at [email protected] If you are not satisfied with our response, we have agreed to participate in the dispute resolution procedures of the panel established by the EU Data Protection Authorities to resolve disputes pursuant to the Safe Harbor Principles, and to cooperate and comply with the Federal Data Protection and Information Commissioner of Switzerland.

Okta complies with the U.S. – E.U. Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. Okta has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Okta's certification, please visit http://www.export.gov/safeharbor/.

Web Sites Covered

Okta has established this Privacy Policy to help you to understand how Okta collects and uses personally identifiable information. This Privacy Policy covers the information practices of Web sites that link to this Privacy Policy, including, but not limited to http://www.okta.com.

Okta's Web sites may contain links to other Web sites. Okta is not responsible for the information practices or the content of such other Web sites. The Company encourages you to review the privacy statements of other Web sites to understand their information practices.

Information Collected by Okta

Okta is committed to protecting the privacy of its customers’ data and user information. Okta has established a privacy policy to help users understand how Okta collects and uses personally identifiable information within the Okta website.

Okta does not collect email addresses from the Okta production service for marketing use. Okta does collect information from individuals (“Visitors”) who visit the Okta Website. This information is collected in accordance with this privacy policy, from sources that include but not limited to content syndication, website registration forms, webinar registration forms and conferences.

Personal Information You Provided to Us. Okta collects information from Visitors to the Okta website. Okta receives and stores any information entered when expressing an interest in obtaining more information about the Okta SSO & IAM Service or registering to use the Service. When expressing an interest in obtaining information about the Services or registering to use the Services on Okta’s website, Okta may require you to provide personal contact information, such as name, company name, address, phone number, email address, and any other information necessary for us to provide Visitors with access to the various aspects of the Services (collectively, “Personal Information”). The Personal Information you provided is used for such purposes as answering questions, improving the content of the website, customizing the content, and communicating with the Visitors about Okta's Services, including specials and new features.

Personal Information Collected Automatically. As Visitors navigate or interact with Okta's website, Okta may also automatically collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons.

Other Third Party Tracking

Okta engages third parties, which use web beacons, images, and scripts, to help better manage content on Okta’s website. Okta does not provide Personal Information to the third parties but may tie the information gathered from third party tracking to our Visitors’ Personally Identifiable information for marketing purposes.

Cookies:

Okta uses cookies to make interactions with the website easy and meaningful. When a Visitor interacts with the website, Okta's servers send a cookie to the Visitor’s computer. Standing alone, cookies do not personally identify the Visitor. They merely recognize the visitor’s Web browser. Unless the Customer chooses to identify themselves to Okta, either by responding to a promotional offer, opening an account, or filling out a Web form, Okta has no way to associate this cookie data with the Visitor’s Personal Information.

For the website, Okta uses cookies that are session-based. Session cookies exist only during one session. They disappear from the Visitor’s computer upon closing their browser software or turning off their computer.

Most browsers have an option for turning off cookies, which will prevent their browser from accepting new cookies, as well as (depending on the sophistication of the browser software) allowing the Visitor to decide on acceptance of each new cookie in a variety of ways.

Okta's website connects Visitors to third party services, with whom Okta partners with to provide the content. The use of cookies by our partners is not covered by Okta’s privacy statement. Okta does not have access or control over these cookies. Okta’s partners use session ID cookies to manage a user's connection to the partner's service.

Web Beacons:

Okta uses Web beacons alone or in conjunction with cookies to compile information about Visitors’ usage of the website, interaction with emails from Okta, and to operate and improve the website. Web beacons are invisible electronic images that can recognize certain types of information on a Visitors computer, such as (1) cookies, (2) the time a particular website is viewed to the Web beacon, or (3) a description of a website tied to the Web beacon.

IP Addresses and Browser Information:

When a Visitor interacts with the website, Okta collects their Internet Protocol ("IP") addresses, browser information and operating system to track and aggregate non-personal information. For example, Okta uses IP addresses to monitor the regions from which Visitors navigate the website.

Other Third Party Tracking:

Okta engages third parties, which use web beacons, images, and scripts, to help better manage content on Okta's website. Okta does not provide Personal Information to the third parties but may tie the information gathered from third party tracking to our Visitors' Personally Identifiable information for marketing purposes.

Use of Cookies by Okta

Cookies are small text files placed on your computer by sites that you have visited. They are used to make websites work, or work more effectively and efficiently. Cookies may also provide information to the owners of the site. No personally identifiable information is stored within them, however, full details are below to explain the cookies we use and why.

On this page, we provide a list of all the cookies and services that may set cookies on your device. We also list links to each of the services' privacy policies and opt out information. Not all third party services provide information to opt out of their cookies. If you do not wish to have cookies set on your device for any reason, you may opt out of all cookies via your browser.

Performance Cookies

These cookies help us understand how visitors interact with our websites by providing information about the areas visited, the time spent on the website, and any issues encountered, such as error messages. This helps us improve the performance of our websites.

Cookies

Name

Purpose

Cookies/Privacy Policy Link

Google Analytics

_utma

_utmb

_utmc

_utmz

Google Analytics cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Opt Out

Optimizely uses cookies to identify a visitor's browser and track website usage while on a partner site. The cookies come from partner website domains and from our log subdomain. You can reset your web browser's cookies to clear these cookies. For more information, see Optimizely's full privacy policy. Opt Out.

Formisimo is a web analytics tool that helps website owners understand how their visitors interact with forms. Formisimo collects aggregated anonymous information and it reports website trends without identifying individual visitors. Formisimo uses a single cookie within a session to determine how visitors progress through a form. The cookie will expire when a user closes their browser window.

The JSESSIONID cookie is used to store a session identifier so that New Relic can monitor session counts for an application. The cookie value is generated by Jetty. JSESSIONID is a session cookie that is deleted when the browser closes.

Targeting or Advertising Cookies

Targeting and Advertising Cookies are used for marketing purposes.

You may opt out of behaviorally targeted ads anytime by deleting your browser's cookies. You can also prevent some targeted ads by submitting opt outs to these companies:http://preferences-mgr.truste.com/

AdRoll provides interest-based advertisements to show our ads on other websites. The technology to do this is made possible by cookies and as such we may place a so called “remarketing cookie” during your visit. The whole process is entirely anonymous. Opt Out.

DoubleClick uses cookies to improve advertising. Some common applications are to target advertising based on what’s relevant to a user, to improve reporting on campaign performance, and to avoid showing ads the user has already seen. DoubleClick cookies contain no personally identifiable information. Sometimes the cookie contains an additional identifier that is similar in appearance to the cookie ID. This identifier is used to identify an ad campaign to which a user was exposed previously; but no personally identifiable information is stored by DoubleClick in the cookie.Opt Out

Third Party Services

We use some third party services. These services may place cookies on your device to gather, for example usage information and session preferences. We do not have control over the cookies these services may set in order to make their service run properly or the cookies they may set to collect usage and preferences.

Cookies

Name

Purpose

Cookies/Privacy Policy Link

Vimeo (player)

Vimeo sets a number of cookies on any page that embeds a Vimeo video. While we have no control over these cookies, they may include a mixture of pieces of information to measure the number and behavior of Vimeo viewers, to hold information about current viewing video settings as well as a personal identification token, if you are logged into Vimeo.

Jobvite uses beacons to track the status of sent emails, including job invitations sent as Jobvites. Cookies are files sent to your browser from a web server and stored on your computer's hard drive. Jobvite's persistent and session ID cookies are used to identify unique visitors and to provide a personalized user experience. Beacons are bits of code that function similar to cookies. Jobvite's beacons are embedded in outgoing emails and generate a call back to the Jobvite server when such emails are opened. Jobvite uses beacons to track the status of sent emails including job invitations sent as Jobvites.

Google sets a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they may include a mixture of pieces of information to measure the number and behavior of Google Maps users. Opt Out

"Can I use" provides up-to-date browser support tables for support of front-end web technologies on desktop and mobile web browsers. This widget may set Google Analytics cookies to track usage.

influitive

_influitive_app_session

Influitive AdvocateAnywhere cookies are used to track the current user submitting challenge responses to AdvocateHub. It does not record any information about a user's browser or location. The cookie is used to track when a member of the hub completes a challenge. If the user came back to the site, the service will know what challenges were previously completed. No personal information is tracked unless a user inputs their name and email when completing a challenge.

Social Sharing

Our Web site includes Social Media Features, such as the Facebook Like button, LinkedIn button, Twitter and “Share This” widget. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

Cookies

Name

Purpose

Cookies/Privacy Policy Link

Twitter

guest_id

We use Twitter share buttons on this site. Twitter may use cookies to better understand how you interact with their services, to monitor aggregate usage by Twitter users and web traffic routing to their services. You can remove or block cookies using the settings in your browser, but in some cases, this may impact your ability to use Twitter.

Other browsers: Please refer to your browser Options for further information

Use of Information Collected

Okta may occasionally run contests or other special promotions on the website in which visitors are asked to choose to participate for contact information (like an e-mail address) or demographic information (like a zip code, industry or country). Okta may use the data collected in these contests and promotions to send promotional material about Okta or our partners. Contact information collected from these contests and promotions may be used to administer the contest and notify winners and contact Visitors when necessary.

Except as described in the policy, Okta will not give, sell, rent, or loan any identifiable Personal Information to any third party, without a Visitor’s prior consent. Okta may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise their legal rights or defend against legal claims. Okta may also share such information if they believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law. Okta may also provide non-personal, summary or group statistics about our customers, sales, traffic patterns, and related Services information to reputable third-party vendors, but these statistics will include no Personal Information.

If Okta is involved in a merger, acquisition, or sale of all or a portion of its assets, Visitors will be notified via a prominent notice on Okta’s website of any change in ownership or uses of personal information, as well as any choices a Visitors may have regarding their personal information.

Protection of Information

Okta’s website offers publicly accessible blogs or community forums. Any information provided in these areas may be read, collected, and used by others who access them.

Okta’s website includes Social Media Features, such as the Facebook and Twitter buttons and Widgets, such as the Share this button or interactive mini-programs that run on the site. These Features may collect a Visitor’s IP address, which page they visit on the site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on Okta’s Site. A Visitor’s interactions with these Features are governed by the privacy policy of the company providing it. Okta has no direct relationship with the individuals whose Personal Information it processes.

Okta will retain Personal Information they process on behalf of Visitors for as long as needed to provide website services to Visitors. Okta will retain and use this Personal Information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Okta may amend or update this policy from time to time. The most current version of this privacy policy at any time at http://www.okta.com/privacy. Use of information collected is subject to the Privacy Policy in effect at the time such information is used. If Okta makes material changes in the way they use Personal Information, they will notify Visitors by posting an announcement on the Website or sending an email prior to the change becoming effective. A Visitors continued use of the Okta website following any such change constitutes agreement to be bound by such changes to the privacy policy. The only remedy, if a Customer does not accept the terms of this privacy policy, is to discontinue use of the Okta website.

Access to Personally Identifiable Information

Users may update their Personal Information by editing their user information in the Service. If you're a Visitor and your Personal Information changes, or if you no longer desire information on our Service, you may have your Personal Information updated or removed from our records by emailing [email protected] or by contacting us by telephone or postal mail at the contact information listed below.

We will respond to your request within 30 days.

What Choices Do I Have?

As stated previously, you can always opt not to disclose information, even though it may be needed to take advantage of or register for certain features of the Services.

You may request deletion of your Okta account by sending an e-mail to [email protected]

If you do not wish to receive email or other mail from us, please indicate this preference during the registration process, by changing your account settings, following the unsubscribe mechanism within the message or by notifying us at [email protected]. Please note that if you do not want to receive legal notices from us, such as this Privacy Policy, those legal notices will still govern your use of the Website, and you are responsible for reviewing such legal notices for changes.

Customer Testimonials/Comments/Reviews

We post customer testimonials/comments/reviews on our web site which may contain personally identifiable information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at [email protected]

Public Forums

Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at [email protected]. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Social Media Widgets

Our Web site includes Social Media Features, such as the Facebook and Twitter buttons and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

Information Collected on Behalf of our Customers using the Service

Okta collects information under the direction of its customers and has no direct relationship with the individual Users/employees whose personal data it processes. Okta works with its customers to help them provide notice to their employees concerning the purpose for which personal information is collected.

We collect information for our customers. If you are an employee of one of our customers and would no longer like to use Okta's service, please contact your Employer directly. Okta may transfer Personal Information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Customers.

Okta has no direct relationship with the individuals whose Personal Information it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to their Employer. If the Employer/ Okta's Customer requests that Okta remove the data, we will respond to their request within 30 business days.

Okta will retain Personal Information we process on behalf of our customers for as long as needed to provide services to our customer. Okta will retain and use this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Changes to Privacy Policy

Okta may amend or update this policy from time to time. You can review the most current version of this privacy policy at any time at http://www.okta.com/privacy/index.html. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make material changes in the way we use Personal Information, we will notify you by posting an announcement on the Website or sending you an email prior to the change becoming effective. Your continued use of the Services following any such change constitutes your agreement to be bound by such changes to the privacy policy. Your only remedy, if you do not accept the terms of this privacy policy, is to discontinue use of the Services.

Contact Us

If you have any questions about this Privacy Policy or this Web site, please contact us directly at: [email protected] Written inquiries may be addressed to: